Problem definition
Cyber attacks are also possible via seemingly harmless peripheral devices such as wireless mice, keyboards and so-called presenters[1]. In this context, we would like to inform you about security risks and provide a brief overview of alternative products, with the request that you address the issue and replace insecure devices.
[1] Presenters are devices that are often used during presentations: they are held in the hand and can be used to scroll the presentation forwards and backwards (simulating mouse input) and to create a light spot on the presentation surface.
Older devices in particular often have security vulnerabilities that allow either the interception of keyboard input or the undetected injection of signals (keystrokes, mouse movements and mouse clicks).
Fortunately, the risk potential is not extremely high, as a potential attacker must be physically close to the attacked device, typically within a radius of 10 to 20 metres, or up to 100 metres in the case of Bluetooth. Nevertheless, there is of course the risk of a targeted attack, especially with devices on which important confidential data is processed. This data can be spied on unnoticed by the user.
Popular devices from Dell and Logitech are also affected, but not exclusively. Below we give you an overview of potentially vulnerable devices.
Bluetooth
The use of Bluetooth-based keyboards, mice and presenters is generally not recommended, as Bluetooth has known security weaknesses that are inherent in the design of the technology itself.
Links to the technical background from external sources are given at the end of this article.
Keyboards and mice (Logitech and Dell)
In the case of Dell, this concerns in particular the keyboard/mouse combination with the designation "KM636", among others. However, only devices manufactured before 2016 are affected. Newer devices use a different technology (PRIMAX) that is considered secure according to current knowledge. Older devices should be replaced.
Older Logitech devices with Logitech "Unifying" technology are also affected by several security vulnerabilities. Unfortunately, Logitech does not offer a firmware update or replacement for all devices, so these devices should also generally be replaced. In addition, there is currently no known date from which Logitech intends to equip its devices with the secure version of its technology or has already done so; no security update is provided for many devices.
Recommendation
When purchasing such devices, we strongly recommend that you ensure that the radio link is encrypted with "AES256" or at least "AES128". Older devices must be replaced.
Newer devices from Dell, from 2016 onwards with PRIMAX technology, are also classified as secure and can be used. Unfortunately, the Dell data sheets on the web do not indicate which technology is used in a specific device or what its production date is.
In view of the large number of wireless keyboards/mice on the market and the dynamic market development, a recommendation list can never be complete. Make sure that the product of your choice has the encryption recommended above.
A secure alternative to these wireless keyboards and mice is also, for example, the Microsoft "Sculpt" series, which uses secure, encrypted wireless technology.
Presenter
Only a few devices have been tested as secure by security experts. Almost all of the devices tested had one or more vulnerabilities.
Many commercially available presenters are susceptible to attacks (but only at close range), although there are rarely any tests for specific devices. In the interests of caution, it must therefore be assumed that these devices are also vulnerable.
The widely used Logitech devices R400, R500 (older devices before the end of 2019), R700, R800 and Spotlight are among those affected by the security vulnerabilities. Unfortunately, the newer devices that have received a security patch are not recognisable as such.
This means that there are sometimes (e.g. with the R500) two technically different devices on the market (one secure, one insecure) that are labelled the same and cannot be distinguished by the user. In addition, the exact date from which the patch was applied is unknown.
Here too, it is not possible to have a centralised overview of where these devices are in use. These devices are usually procured decentrally as small requirements. Here too, the use of Bluetooth-based devices is generally not recommended.
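Because procurement is decentralised, a host-level inventory is the practical way to find out where such receivers are still plugged in. The following script is an added example and is not part of the original advisory: it parses text in the line format printed by the Linux `lsusb` tool and flags USB receivers from the vendors named above. The Logitech vendor ID (046d), the Dell vendor ID (413c) and the Unifying receiver product IDs (c52b, c532) are well-known USB-IF values assumed here from general knowledge; the advisory itself gives no IDs, and the Dell product ID in the sample input is constructed for the example, so replace it with the IDs from your own asset records.

```python
"""Inventory helper: flag wireless peripheral receivers in lsusb output.

Added example (not from the advisory). Feed it the output of `lsusb` from
each host, e.g. `lsusb | python3 find_receivers.py`, and collect the
findings centrally to see which machines still use receivers that the
advisory recommends reviewing or replacing.
"""
import re
import sys
from dataclasses import dataclass
from typing import Optional

# USB-IF vendor IDs (general knowledge, not taken from the advisory).
LOGITECH_VID = "046d"
DELL_VID = "413c"

# Product IDs of Logitech Unifying receivers (general knowledge; assumption).
UNIFYING_PIDS = {"c52b", "c532"}

# One lsusb line looks like:
#   Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
LSUSB_RE = re.compile(
    r"^Bus (?P<bus>\d{3}) Device (?P<dev>\d{3}): ID "
    r"(?P<vid>[0-9a-fA-F]{4}):(?P<pid>[0-9a-fA-F]{4})\s*(?P<desc>.*)$"
)


@dataclass(frozen=True)
class UsbDevice:
    bus: str
    device: str
    vid: str
    pid: str
    description: str


def parse_lsusb(text: str) -> list[UsbDevice]:
    """Parse lsusb output; lines that do not match the format are ignored."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if not m:
            continue
        devices.append(
            UsbDevice(m["bus"], m["dev"], m["vid"].lower(), m["pid"].lower(), m["desc"].strip())
        )
    return devices


def classify(dev: UsbDevice) -> Optional[str]:
    """Return a review label for receivers of interest, or None for everything else."""
    desc = dev.description.lower()
    if dev.vid == LOGITECH_VID and dev.pid in UNIFYING_PIDS:
        return "logitech-unifying-receiver"      # family named in the advisory
    if dev.vid == LOGITECH_VID and "receiver" in desc:
        return "logitech-wireless-receiver"      # other Logitech receiver: review
    if dev.vid == DELL_VID and ("receiver" in desc or "wireless" in desc):
        return "dell-wireless-receiver"          # check model / production year
    return None


def audit(text: str) -> list[tuple[str, str, str]]:
    """Return (vid:pid, label, description) for every flagged device, in input order."""
    findings = []
    for dev in parse_lsusb(text):
        label = classify(dev)
        if label is not None:
            findings.append((f"{dev.vid}:{dev.pid}", label, dev.description))
    return findings


# Constructed sample input. The root hub and SanDisk IDs are real, the
# Logitech line uses the well-known Unifying PID, and the Dell PID 0001 is
# invented for the example.
SAMPLE_LSUSB = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 004: ID 413c:0001 Dell Computer Corp. Wireless Receiver
Bus 001 Device 005: ID 0781:5583 SanDisk Corp. Ultra Fit
"""

if __name__ == "__main__":
    # Read real lsusb output from stdin when piped; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LSUSB
    for ids, label, desc in audit(text):
        print(f"{ids}\t{label}\t{desc}")
```

The vendor-level rules deliberately flag more than the known-affected Unifying IDs: the advisory notes that patched and unpatched devices carry the same model labels, so every receiver from these vendors is worth a manual check of model and production year rather than an automatic pass.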
Recommendation
We strongly recommend replacing these devices with the ones listed below.
The "August LP205"[1] presenter has been classified as safe. The "Kensington® Ultimate Presenter™" presenter can also be recommended. The "August LP205" is easier to use and requires no driver installation. The Kensington device offers more options, but these are only required in special cases, and it also requires the installation of additional software. As a rule, we therefore recommend the "August" device.
In view of the large number of presenters on the market and the dynamic market development, a list of recommendations can never be complete.
[1] Manufacturer page: https://www.augustint.com/en/productmsg-40-122.html
Further links
For the technically interested: here are the sources for the investigations by security experts that led to this recommendation.
Bluetooth
Other wireless technologies for peripheral devices